Does anyone have a sample AD configuration for the LDAP config?

FormerMember

The admin guide does have a little info on this, and a sample screen, but it is odd in that the Enable LDAP Authentication is set to false. So the screenshot makes me wonder. Curious about the LDAP Server Manager DN too as it looks like an email address and not sure if that is right.

So if anyone has an example setup to share that would be great. 

Thanks,

Michael

  • Here's an example of my setup:

    pastedImage_0.png

    The "LDAP Server Manager DN" should be in the <username@domain.fqdn> format.

    Otherwise, the rest of the items are as you'd expect.

    New Users will not have any devices assigned to them (nor will they have a reference in the users list) until they log in for the first time.  You can change their views by going to Settings, Manage Users.

  • FormerMember in reply to KMSigma.SWI

    Thank you very much for this!  Much appreciated.

    Michael

  • Hello, KMSigma‌.

    Maybe you can help us with this.

    We followed your sample LDAP configuration as well, but still every time we try to log in using the AD account, it's failing.

    BTW, is there any other way we can test or check if the User Authentication configuration set is correct?

    Version of SRM Profiler is 6.1.0.

    Looking forward to your feedback.

    Thank you very much.

    Kind Regards,

    Leny

  • Here's what I used:

    Enable LDAP Authentication: true

    LDAP Server Display Domain Name: (NETBIOS Name)

    LDAP Server URL:   ldap://<FQDN of domain>:389

    LDAP Server Manager DN:   <Username in UPN format (username@DomainFqdn)>

    LDAP Server Manager Password:  <Password for above user>

    LDAP Search Base:   <Distinguished Name of the "root" for Searches> (OPTIONAL)

    LDAP Search Filter:   (sAMAccountName={0}) (Left as Default)

    LDAP Search Subtree:   true (Left as Default)

    LDAP Dereference Flag:   true (Left as Default)

    After that's been done, keep the window open and launch another browser (or from another computer).  You should see the "LDAP Server Display Domain Name" above the login prompts.

    2015-09-08_13-22-08.png

    On first logon, the account will probably not have any rights (this is by design).

    2015-09-08_13-22-29.png

    From your other Admin console, go to "Manage Users" and click on "Edit" next to the newly created account.

    2015-09-08_13-23-08.png

    Change the user type as needed, and check boxes for what they should be able to view.  You can also put the users in groups whereby you restrict the group views instead.

    2015-09-08_13-23-47.png

    Save that screen and logout and log back in with the new account.

    2015-09-08_13-24-57.png

    That should be it.

    Some notes:  the LDAP Server URL requires that DNS is working properly and is assuming that you are running an Active Directory Domain.  If not, your mileage may vary.
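
An offline sanity check of the settings listed in the post above, as an added example that is not part of the thread and not SolarWinds code. It assumes `{0}` in the search filter stands for the name typed at login; `check_settings`, `build_filter` and the sample values are hypothetical.

```python
import re
from urllib.parse import urlsplit

# username@DomainFqdn, the UPN form the post asks for in "Manager DN".
UPN = re.compile(r"^[^@\s\\]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def build_filter(template, login):
    """Expand the search filter; {0} is assumed to be the login name."""
    return template.replace("{0}", escape_filter_value(login))

def check_settings(cfg):
    """Return a list of findings for the values on the settings page."""
    findings = []
    url = urlsplit(cfg.get("LDAP Server URL", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("URL must look like ldap://<FQDN of domain>:389")
    elif url.scheme == "ldap":
        findings.append("ldap:// is not encrypted unless StartTLS is "
                        "negotiated; a simple bind in cleartext exposes the password")
    if not UPN.match(cfg.get("LDAP Server Manager DN", "")):
        findings.append("Manager DN is not in username@DomainFqdn (UPN) form")
    if not cfg.get("LDAP Server Manager Password"):
        findings.append("Manager password is empty")
    flt = cfg.get("LDAP Search Filter", "")
    if "{0}" not in flt or flt.count("(") != flt.count(")"):
        findings.append("Search filter needs balanced parentheses and {0}")
    return findings

# Constructed sample values (example.test is a placeholder domain).
SAMPLE = {
    "LDAP Server URL": "ldap://example.test:389",
    "LDAP Server Manager DN": "EXAMPLE\\svc_srm",  # NETBIOS form, not UPN
    "LDAP Server Manager Password": "not-a-real-password",
    "LDAP Search Filter": "(sAMAccountName={0})",
}

if __name__ == "__main__":
    for finding in check_settings(SAMPLE):
        print("-", finding)
    print(build_filter(SAMPLE["LDAP Search Filter"], "jdoe*)(objectClass=*"))
```

The expanded filter is what to paste into an LDAP browser or query tool, bound as the manager account, to confirm the search returns exactly one user.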

  • Hello, KMSigma‌.

    Good day.

    First, thank you so much for the detailed steps you have provided.

    However, we are still having challenges to make this work. We are failing to login using the domain account.

    Further troubleshooting done:

    - DNS is set up properly.

    - Port 389 is allowed.

    BTW, in terms of the LDAP Server Manager DN, what privilege must we have here?

    Also, as stated in the admin guide, do we need to enable the following recommendation or is it optional?

    - Read All Properties

    - Read All Permissions

    - Allowed to Authenticate

    - Change Password

    Thank you very much.

    Kind Regards,

    Leny

  • Hey Leny:

    In the past I've used a "service account" which normally has "near"-domain admin level credentials. However, that should not be necessary. Realistically, any account should do.

    Q: are you running SRM Profiler on a Linux machine? I can't see that the LDAP query would care, but if it's a Windows Domain, it might care about having a Linux machine talking to it (depends on how tight your security is).

    --K

  • SRM is installed on a Windows machine.

    I already opened a support ticket for this. We'll let you know the status.

    Thank you for the support.

  • Send me the case number (via direct message) and I'll see if I can't get it bumped on your behalf.

  • Hello, KMSigma‌.


    I already sent you the Support Case Number.

    Support checked the configuration of the User Authentication, but it is still failing when trying to log in. We tried to use different admin accounts.

    We ended up gathering a diagnostic file and he'll send this to a higher tier. We'll let you know of any update.

    Thank you.

    Kind Regards,

    Leny